ec_privkey_export_der() seems to be called as compressed mode ALWAYS. Is it on purpose? #10041

1. 
   kobake commented at 3:50 am on March 21, 2017: contributor

   What version of bitcoin-core are you using?

   GitHub latest master. (3192e5278abca7c1f3b4a2a7f77a0ce941c73985)

   Describe the issue

   “compressed” argument of ec_privkey_export_der() seems to be bool-typed.

   ec_privkey_export_der function has a “compressed” argument and it accepts bool-typed value (0 or not 0) as far as I see the implementation of the function.

   https://github.com/bitcoin/bitcoin/blob/master/src/key.cpp#L70 https://github.com/bitcoin/bitcoin/blob/master/src/secp256k1/contrib/lax_der_privatekey_parsing.c#L56

   0if (compressed) {
   1    ....
   2} else {
   3    ....
   4}
   

   Passed values for the “compressed” are NOT ZERO ALWAYS.

   Actually, however, the passed values for the argument “compressed” are SECP256K1_EC_COMPRESSED or SECP256K1_EC_UNCOMPRESSED only, and Both of them are NOT ZERO.

   • SECP256K1_EC_COMPRESSED equals 0x102. (NOT ZERO)
   • SECP256K1_EC_UNCOMPRESSED equals 0x2. (NOT ZERO)

   https://github.com/bitcoin/bitcoin/blob/master/src/key.cpp#L149

   0ret = ec_privkey_export_der(secp256k1_context_sign,
   1  (unsigned char*)&privkey[0], &privkeylen, begin(),
   2  fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
   

   https://github.com/bitcoin/bitcoin/blob/master/src/secp256k1/include/secp256k1.h#L147

   0#define SECP256K1_FLAGS_TYPE_COMPRESSION (1 << 1)
   1#define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8)
   2#define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
   3#define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
   

   My idea: Ignoring fCompressed variable.

   I think fCompressed makes no sense when calling ec_privkey_export_der(). Though, to keep compatibility, ec_privkey_export_der() should be called as compressed mode only as in the past, I think.

   I also think the fCompressed variable on ec_privkey_export_der() calling is now only noise and should be removed. I’d suggest my idea that calling ec_privkey_export_der() without considering fCompressed, as follows.

   0// idea1
   1ret = ec_privkey_export_der(secp256k1_context_sign,
   2  (unsigned char*)&privkey[0], &privkeylen, begin(), SECP256K1_EC_COMPRESSED);
   3
   4// idea2
   5ret = ec_privkey_export_der(secp256k1_context_sign,
   6  (unsigned char*)&privkey[0], &privkeylen, begin(), 1);
   

   What do you think of that?

   BTW: The implementation of ec_privkey_export_der() seems to be the copy of the library code, so I thought it’s not good to change it. Actually is that right?

2. kobake renamed this:
   ec_privkey_export_der() seems to be called as compressed mode ALWAYS. Is it on purpoes?
   ec_privkey_export_der() seems to be called as compressed mode ALWAYS. Is it on purpose?
   on Mar 21, 2017
3. fanquake added the label Questions and Help on Mar 21, 2017
4. 
   jonasschnelli commented at 8:05 am on March 21, 2017: contributor

   This indeed looks after a bug! Main problem is that we are checking for if (compressed) { inec_privkey_export_der and probably except a Boolean value while the function gets called with an argument of fCompressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED.
5. 
   kobake commented at 12:23 pm on March 21, 2017: contributor

   Thanks for your treating. I understood this is not a refactoring problem, but a bug.
6. 
   laanwj commented at 2:12 pm on April 7, 2017: member

   Thanks for reporting however this turns out to be just an awkwardness in representation, not really a bug, as it does not affect users in any way. It will change when a new, non-backwards compatible private key format is introduced instead of the the DER format (which is a waste of space anyway). See #10043.
7. laanwj closed this on Apr 7, 2017

   ---

8. DrahtBot locked this on Sep 8, 2021

Contributors
kobake jonasschnelli laanwj

Labels
Questions and Help